dmilillo1 Posted January 25, 2014 ID:782614

I've been unable to update database since 1/4
Tried to reinstall but was told the installer was corrupted
Same sort of message when trying to use DDR.com
DDR.scr in silent mode was able to work
Maniac Posted January 26, 2014 ID:783044

Hello dmilillo1!

My name is Borislav and I will be glad to help you solve your malware problem.

Please note:
If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don't hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1
Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Step 2
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan button. Wait until it is finished.
Click on Clean.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.

Step 3
Launch Malwarebytes' Anti-Malware.
Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
Go to Scanner tab and select Perform Quick Scan, then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

In your next reply, post the following log files:
Junkware Removal Tool log
AdwCleaner log
Malwarebytes' Anti-Malware log
dmilillo1 Posted January 27, 2014 Author ID:783094

I ran the programs and they found and cleaned some things
I was still not able to update MBAM database until I disabled Avast, so it is possible some of my main problem was related to updates in Avast
Here are the logs:
"eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlByaWNlR29uZyIsImNyaXRlcmlhcyI6W3siY3JpdGVyaWFJZCI6IjM5NDI4ODdmLTE4ZmUtNGQwNy1hOGY5LTZhNzZmMTcxNjQ2NiIsImRvbWFpbnMiOls[...]Line Deleted : user_pref("CT3287822.mam_gk_currentVersion.enc", "MS40LjMuMg==");Line Deleted : user_pref("CT3287822.mam_gk_eventsCache.enc", "eyJhYTY2MTA2Ny0yOTJjLTRkZGYtODY3MC1hMTJmZjU5YjQ4NzgiOnsidG9waWMiOiJzZW5kVXNhZ2UiLCJkYXRhIjpbIldlbGNvbWUiLCJWaWV3Il0sInVuaXF1ZUlkIjoiYWE2NjEwNjctMjkyYy00Z[...]Line Deleted : user_pref("CT3287822.mam_gk_first_time.enc", "MQ==");Line Deleted : user_pref("CT3287822.mam_gk_gadgetOpen.enc", "MA==");Line Deleted : user_pref("CT3287822.mam_gk_installer_preapproved.enc", "ZmFsc2U=");Line Deleted : user_pref("CT3287822.mam_gk_lastLoginTime.enc", "MTM2NDA3MzQxMDAzOQ==");Line Deleted : user_pref("CT3287822.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHMgZW5yaWNoZXMgeW91ciB3ZWIg[...]Line Deleted : user_pref("CT3287822.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");Line Deleted : user_pref("CT3287822.mam_gk_settings1.4.3.2.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMTg3XzAiLCJpc1Rlc3QiOnRydWUsImlzV2VsY29tZUV4cGVyaWVuY2VFbmFibGVkQnlEZWZhdWx0I[...]Line Deleted : user_pref("CT3287822.mam_gk_showCloseButton.enc", "dHJ1ZQ==");Line Deleted : user_pref("CT3287822.mam_gk_showWelcomeGadget.enc", "dHJ1ZQ==");Line Deleted : user_pref("CT3287822.mam_gk_userId.enc", "M2U4NjMzMTAtOTEwNy00Zjc5LWI5NjEtZmQ4YTA0MzYwMGQx");Line Deleted : user_pref("CT3287822.mam_gk_user_apps_selection.enc", "");Line Deleted : user_pref("CT3287822.migrateAppsAndComponents", true);Line Deleted : user_pref("CT3287822.openThankYouPage", "false");Line Deleted : user_pref("CT3287822.openUninstallPage", "true");Line Deleted : user_pref("CT3287822.price-gong.isManagedApp", "true");Line Deleted : user_pref("CT3287822.revertSettingsEnabled", "false");Line Deleted : 
user_pref("CT3287822.search.searchAppId", "130058556988002179");Line Deleted : user_pref("CT3287822.search.searchCount", "0");Line Deleted : user_pref("CT3287822.searchFromAddressBarEnabledByUser", "true");Line Deleted : user_pref("CT3287822.searchInNewTabEnabledByUser", "true");Line Deleted : user_pref("CT3287822.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");Line Deleted : user_pref("CT3287822.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3287822\"}");Line Deleted : user_pref("CT3287822.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"MixiDJ V8\"}");Line Deleted : user_pref("CT3287822.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");Line Deleted : user_pref("CT3287822.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1364073261672");Line Deleted : user_pref("CT3287822.serviceLayer_services_appsMetadata_lastUpdate", "1364073261673");Line Deleted : user_pref("CT3287822.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1364073261670");Line Deleted : user_pref("CT3287822.serviceLayer_services_location_lastUpdate", "1364073200813");Line Deleted : user_pref("CT3287822.serviceLayer_services_login_10.14.65.43_lastUpdate", "1364073261878");Line Deleted : user_pref("CT3287822.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1364073261671");Line Deleted : user_pref("CT3287822.serviceLayer_services_searchAPI_lastUpdate", "1364073200943");Line Deleted : user_pref("CT3287822.serviceLayer_services_serviceMap_lastUpdate", "1364073200230");Line Deleted : user_pref("CT3287822.serviceLayer_services_setupAPI_lastUpdate", "1364073201675");Line Deleted : user_pref("CT3287822.serviceLayer_services_toolbarContextMenu_lastUpdate", "1364073261669");Line Deleted : user_pref("CT3287822.serviceLayer_services_toolbarSettings_lastUpdate", "1364073201588");Line Deleted : 
user_pref("CT3287822.serviceLayer_services_translation_lastUpdate", "1364073261675");Line Deleted : user_pref("CT3287822.settingsINI", true);Line Deleted : user_pref("CT3287822.shouldFirstTimeDialog", "false");Line Deleted : user_pref("CT3287822.smartbar.CTID", "CT3287822");Line Deleted : user_pref("CT3287822.smartbar.Uninstall", "0");Line Deleted : user_pref("CT3287822.smartbar.homepage", true);Line Deleted : user_pref("CT3287822.smartbar.toolbarName", "MixiDJ V8 ");Line Deleted : user_pref("CT3287822.startPage", "true");Line Deleted : user_pref("CT3287822.toolbarDisabled", "true");Line Deleted : user_pref("CT3287822_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1364073198958,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "MixiDJ V8 Customized Web Search");Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3287822");Line Deleted : user_pref("browser.search.defaultthis.engineName", "MixiDJ V8 Customized Web Search");Line Deleted : user_pref("browser.search.selectedEngine", "MixiDJ V8 Customized Web Search");Line Deleted : user_pref("smartbar.originalSearchAddressUrl", "");Line Deleted : user_pref("smartbar.originalSearchEngine", ""); [ File : C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\8xedz8t9.default\prefs.js ] -\\ Google Chrome v32.0.1700.76 [ File : C:\Users\MainAdmin\AppData\Local\Google\Chrome\User Data\Default\preferences ] [ File : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted : homepageDeleted : icon_urlDeleted : search_urlDeleted : suggest_urlDeleted : keyword [ File : C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted : search_url ************************* AdwCleaner[R0].txt - [13080 octets] - [26/01/2014 21:29:52]AdwCleaner[s0].txt - [13120 octets] - [26/01/2014 21:31:24] ########## 
EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [13181 octets] ########## MBAM: Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.org Database version: v2014.01.27.01 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 11.0.9600.16476MainAdmin :: ASUSFX_SSD [administrator] 1/26/2014 9:42:35 PMmbam-log-2014-01-26 (21-42-35).txt Scan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2PScan options disabled: Objects scanned: 262961Time elapsed: 3 minute(s), 37 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) (end) Link to post Share on other sites More sharing options...
Maniac Posted January 27, 2014 ID:783198

Please follow the instructions here: https://forums.malwarebytes.org/index.php?showtopic=10138&page=1entry417798

When you are done, please reboot your system and try again.
Root Admin AdvancedSetup Posted January 30, 2014 ID:784400

Are you still with us? This topic will be closed soon if we do not hear back from you.
dmilillo1 Posted January 30, 2014 Author ID:784594

Apologies. I just got back from a business trip. I followed the link instructions but still was unable to update the mb database without disabling Avast. As well, browsing is still slow and getting stuck at places. I've redone all the scans and nothing is showing up. Not sure what to make of that. Thank you
Maniac Posted January 31, 2014 ID:784835

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

Once you've read the article and are ready to use the program you can download it directly from the link below.
Important! - Please make sure you save combofix to your desktop and do not run it from your browser
Direct download link for: ComboFix.exe
Please make sure you disable your security applications before running ComboFix.
Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
Please copy/paste the contents or attach that log file to your next reply.
If needed the file can be located here: C:\combofix.txt
NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.
dmilillo1 Posted February 1, 2014 Author ID:785498

ComboFix log

ComboFix 14-02-01.01 - MainAdmin 02/01/2014 11:40:42.1.6 - x64 NETWORK
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8120.7333 [GMT -5:00]
Running from: c:\users\MainAdmin\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\sdelevURL.tmp
c:\users\Susan\Documents\~WRL0005.tmp
c:\users\Susan\Documents\~WRL0884.tmp
c:\users\Susan\Documents\~WRL2803.tmp
c:\users\Susan\Documents\~WRL2829.tmp
c:\users\Susan\Documents\~WRL3251.tmp
c:\users\Susan\Documents\~WRL3325.tmp
c:\users\Susan\g2mdlhlpx.exe
(x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]2013-12-06 20:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]2013-12-06 20:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]2013-12-06 20:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-02-10 6463592]"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-08 1158248].HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcsUxTuneUp.------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localTrusted Zone: intuit.com\ttlcTCP: DhcpNameServer = 192.168.2.1 75.75.75.75 75.75.76.76FF - ProfilePath - c:\users\MainAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\erv8fit3.default\.- - - - ORPHANS REMOVED - - - -.HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) 
(Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_38_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_38_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash 
Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_38.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_38.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_38.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_38.ocx, 
1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2014-02-01 11:47:44ComboFix-quarantined-files.txt 2014-02-01 16:47.Pre-Run: 84,339,183,616 bytes freePost-Run: 84,333,019,136 bytes free.- - End Of File - - 31372A1F0F40BA2B2ED9DDDF1D8AED298913823FF508CCF109DB74B636C301DA Link to post Share on other sites More sharing options...
Maniac Posted February 2, 2014 ID:785630
Please scan your machine with ESET OnlineScan
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your Desktop.
  Double click on the icon on your Desktop.
Check "YES, I accept the Terms of Use."
Click the Start button.
Accept any security warnings from your browser.
Under Scan Settings, check "Scan Archives" and "Remove found threats"
Click Advanced settings and select the following:
  Scan potentially unwanted applications
  Scan for potentially unsafe applications
  Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.
dmilillo1 Posted February 4, 2014 Author ID:786543
C:\Users\All Users\InstallMate\{C38742CA-AED9-40DD-A236-E6FB1864603C}\Custom.dll Win32/InstalleRex.L application
E:\Users\All Users\InstallMate\{C38742CA-AED9-40DD-A236-E6FB1864603C}\Custom.dll Win32/InstalleRex.L application
F:\Users\All Users\InstallMate\{C38742CA-AED9-40DD-A236-E6FB1864603C}\Custom.dll Win32/InstalleRex.L application
C:\ProgramData\InstallMate\{C38742CA-AED9-40DD-A236-E6FB1864603C}\Custom.dll Win32/InstalleRex.L application cleaned by deleting - quarantined
C:\Users\David\Downloads\cbsidlm-tr1_7-Graboid_Video-SEO-10910304.exe Win32/DownloadAdmin.D application cleaned by deleting - quarantined
C:\Users\David\Downloads\GraboidVideoSetup-3.54.exe Win32/Graboid application cleaned by deleting - quarantined
C:\Users\David\Downloads\openofficesuite-setup.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Users\David\Downloads\speedupmypc.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\Users\MainAdmin\Downloads\GraboidVideoSetup-2.4-Complete.exe Win32/Graboid application cleaned by deleting - quarantined
C:\Users\MainAdmin\Downloads\ZipOpenerSetup.exe a variant of Win32/InstallCore.IX application cleaned by deleting - quarantined
C:\Users\Susan\AppData\LocalLow\MixiDJ_V8\ldrtbMixi.dll a variant of Win32/Toolbar.Conduit.P application cleaned by deleting - quarantined
C:\Users\Susan\AppData\LocalLow\MixiDJ_V8\tbMixi.dll a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined
C:\Users\Susan\Downloads\cbsidlm-tr1_12-BibleMan_A_Fight_for_Faith_demo-SEO-10475641.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
E:\Users\Susan\Downloads\couponprinter(2).exe probably a variant of Win32/Adware.Softomate.AD application cleaned by deleting - quarantined
E:\Users\Susan\Downloads\couponprinter(3).exe probably a variant of Win32/Adware.Softomate.AD application cleaned by deleting - quarantined
E:\Users\Susan\Downloads\couponprinter.exe probably a variant of Win32/Adware.Softomate.AD application cleaned by deleting - quarantined
F:\Program Files\Uniblue\SpeedUpMyPC\sp_track_install.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
F:\Program Files\W3i\UninstallHelper\UninstallHelper.exe probably a variant of Win32/InstallIQ.A application cleaned by deleting - quarantined
F:\Users\David\AppData\Local\Babylon\Setup\BExternal.dll a variant of Win32/Toolbar.Babylon.F application cleaned by deleting - quarantined
F:\Users\David\AppData\Local\Babylon\Setup\IECookieLow.dll a variant of Win32/Toolbar.Babylon.E application cleaned by deleting - quarantined
F:\Users\David\AppData\Local\Babylon\Setup\Setup.exe a variant of Win32/Toolbar.Babylon.H application cleaned by deleting - quarantined
F:\Users\David\Downloads\cbsidlm-tr1_7-Graboid_Video-SEO-10910304.exe Win32/DownloadAdmin.D application cleaned by deleting - quarantined
F:\Users\David\Downloads\GraboidVideoSetup-3.54.exe Win32/Graboid application cleaned by deleting - quarantined
F:\Users\David\Downloads\speedupmypc.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
F:\Users\Main Admin\Downloads\GraboidVideoSetup-2.4-Complete.exe Win32/Graboid application cleaned by deleting - quarantined
Maniac Posted February 4, 2014 ID:786806
Step 1
Please manually delete the following folders:
  C:\Users\All Users\InstallMate
  C:\ProgramData\InstallMate
  C:\Users\Susan\AppData\LocalLow\MixiDJ_V8
  F:\Users\David\AppData\Local\Babylon
Step 2
Please download the Kaspersky Virus Removal Tool from here to your Desktop.
Double-click the Removal Tool.
Click the cog in the upper right corner:
Select down to and including your main drive.
Once done please select the Automatic Scan tab and press Start Scan.
Allow AVP to delete all infections found.
Once it has finished select the Report tab.
Select the Detected threats report from the left and press the Save button.
Save it to your Desktop and post the contents in your next reply.
dmilillo1 Posted February 9, 2014 Author ID:788555
No detected threats
Maniac Posted February 9, 2014 ID:788724
Step 1
Download and run mbam-clean.exe from here
It will ask to restart your computer, please allow it to do so, very important
After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
Launch the program and set the Protection and Registration.
Then go to the UPDATE tab if not done during installation and check for updates.
Restart the computer again and verify that MBAM is in the task tray if using the Pro version.
Now set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications.
You may use the guides posted in the FAQs here or ask and we'll explain how to do it.
Step 2
Launch Malwarebytes' Anti-Malware
Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
Go to Scanner tab and select Perform Quick Scan, then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
dmilillo1 Posted February 15, 2014 Author ID:791658
I'm really suspecting Avast as being the cause of many of the problems that are persisting
Because when I disable Avast I seem to be ok

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.02.15.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
David :: ASUSFX_SSD [administrator]
2/15/2014 12:10:13 PM
mbam-log-2014-02-15 (12-10-13).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 274106
Time elapsed: 3 minute(s), 36 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Maniac Posted February 15, 2014 ID:791674
But now everything is okay, right?
dmilillo1 Posted February 15, 2014 Author ID:791755
No, it's not alright
But at this point I'm doubting there is any more influence from viruses. They appear cleaned up completely
But there are still problems with Avast. So I have some decisions to make in regards to continuing with Avast or replacing it
I'll at least attempt to uninstall and reinstall
Maniac Posted February 16, 2014 ID:792077
If you still want to use this AV, uninstall it, download the latest version from their official page and install it. Reboot your system and check how things are then.
Root Admin AdvancedSetup Posted February 21, 2014 ID:794593
Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.